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27. The small footprint device of claim 1 in which groups of one or more program modules 
are run in separate contexts.— 

28. The small footprint device of claim 27 in which the context barrier is configured to 
prevent access from one program module to a program module in a different context.-- 

29. The small footprint device of claim 27 in which said context barrier allocates separate 
respective name spaces for each context.- 

30. The small footprint device of claim 27 in which said context barrier allocates separate 
respective memory spaces for each context.-- 

31. The small footprint device of claim 1 in which at least one program module comprises 
a plurahty of applets.-- 

32. The small footprint device of claim 1 in which said context barrier enforces at least one 
security check on at least one of principal, object or action to prevent access from a principal in one 
context to an object in a different context.- 

33. The small footprint device of claim 32 in which groups of one or more program 
modules are run in separate contexts.— 
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34. The small footprint device of claim 33 in which the context barrier prevents access 
from one program module to a different program module.- 
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35. The small footprint device of claim 33 in which at least one security check is based 
partial name agreement between a principal and an object.- 



36. The small footprint device of claim 33 in which at least one security check is based on 
memory space agreement between a principal and an object.-- 

37. A method of operating a small footprint device, comprising the step of preventing 
access from one program module to a different program modules using a context barrier.- 

38. The method of claim 37 in which the comext barrier is implemented using a virtual 
machine.-- 

39. The small footprint device of claim 38 in which groups of one or more program 
modules are run in separate contexts.-- 

40. The method of claim 39 in which the context barrier prevents access from one program 
module to a different program module.- 
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41. The method of claim 40 in which the context barrier will not permit a principal to 
access an object unless both principal and object are part of the same 



name space.— 



42. The method of claim 40 in which the context barrier will not pennit a principal to 
access an object unless both principal and object are part of the same memory space.- 

43. The method of claim 37 in which the context barrier will not permit a principal to 
perfom an action on an object unless both principal and object are part of the same context.- 

44. The method of claim 43 in which the context barrier will permit a principal to perfomi 
an action on an object when they are not part of the same context if the principal is authorized to 
perform the action on the object.-- 

45. The method of claim 44 in which the principal is authorized if it passes at least one 
security check.-- 

46. The method of claim 45 in which said at least one security check is one of a plurality of 
security checks.- 

47. The method of claim 44 in which, if a principal in a first context is authorized to 
perform one or more actions on an object in a second context, when the action is performed it will 
execute within the second context.-- 
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48. The method of claim 47 in which, when one or more actions are authorized in the 
second context, subsequent actions will be authorized based on executing in the second context, and 
a principal in the second context will be able to access objects in the second context.- 

49. The method of claim 48 in which, when one or more actions complete in the second 
context, execution will return to the first context.- 

50. The method of claim 47 in which, when action is undertaken in the second context that 
requires access to an object in a third context, the action will execute within the third context.-r 

51. The method of claim 50 in which switches to a new context will occur any time action 
is authorized on an object in a new context.-- 

52. A computer program product, comprising: 

a. a memory medium; and 

b. a computer controlling element comprising instructions for implementing a context 
barrier on a small footprint device.- 

53. The computer program product of claim 52 in which said memory medium is a carrier 

wave.— 
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54. A computer program product, comprising: 

a. a memory medium; and 

b. a computer controlling element comprising instructions for separating a plurality of 
programs on a small footprint device by running them in respective contexts.- 

55. The computer program product of claim 54 in which said memory medium is a carrier 



56. A carrier wave carrying instructions for implementing a context barrier on a small 
footprint device over a communications link.~ 

57. A carrier wave carrying instructions over a communications link for separating a 
plurality of programs on a small footprint device by running them in respective contexts.-- 

58. A method of shipping code over a network, comprising the step of transmitting a block 
of code from a server, said block of code comprising instructions over a communications link for 
separating a plurality of programs on a small footprint device by running them in respective 
contexts.-- 
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